LAB: Configure End to End VPC Endpoint Service
Set up an end-to-end connection between two VPCs (service provider and customer) using a VPC endpoint service. In this lab, we will create a service provider VPC with a public subnet that contains a Network Load Balancer in front of an EC2 instance serving a sample web page, and then create a VPC endpoint service for that Network Load Balancer.
On the customer side, we will create a customer VPC with a public subnet, create a VPC endpoint, and test connectivity from an EC2 instance.
Refer to the topology below to configure the end-to-end VPC endpoint service.
- Create a service provider VPC Dclessons-SP-Network with CIDR: 18.104.22.168/16
- Create and attach an Internet Gateway Dclessons-SP-IGW to VPC Dclessons-SP-Network.
- Create a Public subnet Dclessons-SP-Public-Subnet (22.214.171.124/24)
- Create a Public Route Table and associate it with the subnet.
- Add the public Route 0.0.0.0/0 to IGW in the Route table in Dclessons-SP-Public-RT.
- Create an EC2 instance in subnet Dclessons-SP-Public-Subnet.
- Create a Network Load Balancer Dclessons-SP-LB in SP VPC.
- Create an Endpoint service Dclessons-SP-VPC-EP-Service.
- Create a customer VPC Dclessons-Customer-VPC01 with CIDR:10.0.0.0/16.
- Create and attach an Internet Gateway Dclessons-Customer-IGW to VPC Dclessons-Customer-VPC01.
- Create a Public subnet Dclessons-Customer-Public-Subnet (10.0.1.0/24) and Create a Public Route Table Dclessons-Customer-Public-RT and associate it with the subnet.
- Add the public Route 0.0.0.0/0 with target Dclessons-Customer-IGW in the Route table Dclessons-Customer-Public-RT.
- Create an EC2 Instance Dclessons-Customer-EC2.
- Create a VPC Endpoint and connect between Customer and Service Provider VPC.
- Test the connectivity.
Go to AWS Services | VPC | Create VPC | Under VPC Settings, Name: Dclessons-SP-Network with CIDR: 126.96.36.199/16 | Click Create VPC
Select Internet Gateways | Create Internet Gateway | Name: Dclessons-SP-IGW | Click Create Internet Gateway
Now attach this IGW to the SP VPC, as shown below
Configure SP Subnet
Go to Subnet | Under Create Subnet: Select VPC: Dclessons-SP-Network | Subnet Name: Dclessons-SP-Public-Subnet | AZ: Ohio/us-east-2a with IPv4 CIDR: 188.8.131.52/24
Create Route Table for SP Public Subnet:
Go to Route table | under create Route Table Name: Dclessons-SP-Public-RT | VPC Name: Dclessons-SP-Network | Click Create Route Table
Under Route table Dclessons-SP-Public-RT, select Subnet Associations | Click Edit Subnet Associations
Select Dclessons-SP-Public-Subnet 184.108.40.206/24 and save
Select the Routes tab | Edit Routes | add 0.0.0.0/0 with target: the IGW Dclessons-SP-IGW
Configure EC2 instance in SP network:
Launch an Amazon Linux AMI on a t2.micro instance; refer to the figure below for the configuration. Under Advanced Settings | User data field, provide the following script (the first line must be the #!/bin/bash interpreter line, otherwise EC2 will not run the user data as a shell script):
#!/bin/bash
# Install Apache, start it now and on every boot, then publish the sample page
yum update -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd
echo "Welcome to DCLESSONS Webserver 1" >> /var/www/html/index.html
# Reload Apache so it serves the page just written (the service is named httpd, not http)
systemctl restart httpd
In the Security Group section | Click Create a new security group and allow all ports and protocols as shown in the figure below | Click Review and Launch
Under the Key pair section | Select Create a new key pair | Name: Webserver | Click Download Key Pair, then click Launch Instances.
Configure Load balancer
Under VPC | Click Load Balancers | Click Create Network Load Balancer | Under Basic configuration: Name: Dclessons-SP-LB | Scheme: Internet-facing | IP address type: IPv4 | Select VPC: Dclessons-SP-Network | Mapping: us-east-2a with subnet Dclessons-SP-Public-Subnet and IPv4 address: Assigned by AWS.
Under Listeners and routing | Protocol: TCP, Port: 80 | Click Create target group
Under Target group | Name: Dclessons-SP-LB-TG | Protocol: TCP, Port: 80; back in the Listeners section, select the target group Dclessons-SP-LB-TG
In the Health checks section | Health check protocol: TCP; under Specify group details, select target type: Instances.
Click Next to go to Register targets: select the Dclessons-Webserver1 instance | Click Include as pending below | Click Create target group.
Click Create load balancer
Once the LB is created, you can see the DNS name (A record) that has been assigned to it.
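The service-provider side of this lab, including the endpoint service from the topology list, expressed as Terraform. This is an added example, not the lab's own configuration: it assumes an AWS provider already configured for us-east-2; the SP VPC and subnet CIDRs (172.16.0.0/16 and 172.16.1.0/24), the AMI ID and the consumer account ID in allowed_principals are assumed or placeholder values; and the web server's security group is narrowed to TCP/80 from inside the SP VPC instead of the all-ports group used in the lab, because PrivateLink traffic reaches the instance from the NLB nodes' private addresses in that VPC.

```hcl
# Added example (not the lab's own code): Terraform for the service-provider side.
# Assumes an aws provider configured for us-east-2; CIDRs, AMI and account ID are
# assumed/placeholder values.
resource "aws_vpc" "sp" {
  cidr_block = "172.16.0.0/16" # assumed; the lab's SP VPC CIDR
  tags       = { Name = "Dclessons-SP-Network" }
}
resource "aws_internet_gateway" "sp" {
  vpc_id = aws_vpc.sp.id
  tags   = { Name = "Dclessons-SP-IGW" }
}
resource "aws_subnet" "sp_public" {
  vpc_id            = aws_vpc.sp.id
  cidr_block        = "172.16.1.0/24" # assumed; the lab's SP public subnet CIDR
  availability_zone = "us-east-2a"
  tags              = { Name = "Dclessons-SP-Public-Subnet" }
}
resource "aws_route_table" "sp_public" {
  vpc_id = aws_vpc.sp.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.sp.id
  }
  tags = { Name = "Dclessons-SP-Public-RT" }
}
resource "aws_route_table_association" "sp_public" {
  subnet_id      = aws_subnet.sp_public.id
  route_table_id = aws_route_table.sp_public.id
}

# Web server SG: TCP/80 from inside the SP VPC only (the NLB nodes), not all ports.
resource "aws_security_group" "web" {
  name   = "Dclessons-Webserver1-sg"
  vpc_id = aws_vpc.sp.id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.sp.cidr_block]
  }
  egress { # outbound so user data can fetch packages
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_instance" "web" {
  ami                         = "ami-PLACEHOLDER" # Amazon Linux AMI for us-east-2
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.sp_public.id
  vpc_security_group_ids      = [aws_security_group.web.id]
  associate_public_ip_address = true # yum reaches its repos through the IGW
  user_data                   = <<-EOT
    #!/bin/bash
    yum update -y
    yum install httpd -y
    systemctl enable --now httpd
    echo "Welcome to DCLESSONS Webserver 1" > /var/www/html/index.html
  EOT
  tags = { Name = "Dclessons-Webserver1" }
}

# Internet-facing NLB, TCP/80 listener, instance target group.
resource "aws_lb" "sp" {
  name               = "Dclessons-SP-LB"
  load_balancer_type = "network"
  subnets            = [aws_subnet.sp_public.id]
}
resource "aws_lb_target_group" "sp" {
  name     = "Dclessons-SP-LB-TG"
  port     = 80
  protocol = "TCP"
  vpc_id   = aws_vpc.sp.id
}
resource "aws_lb_target_group_attachment" "web" {
  target_group_arn = aws_lb_target_group.sp.arn
  target_id        = aws_instance.web.id
}
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.sp.arn
  port              = 80
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.sp.arn
  }
}

# Endpoint service: only allow-listed principals may request a connection,
# and the provider must accept each request before traffic flows.
resource "aws_vpc_endpoint_service" "sp" {
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.sp.arn]
  allowed_principals         = ["arn:aws:iam::111111111111:root"] # placeholder account
  tags                       = { Name = "Dclessons-SP-VPC-EP-Service" }
}
```

Apply with terraform init, plan and apply. The customer side then creates an Interface endpoint (aws_vpc_endpoint with vpc_endpoint_type = "Interface" and service_name taken from aws_vpc_endpoint_service.sp.service_name); because acceptance_required is true, that connection stays in pendingAcceptance until the provider accepts it, and any account not listed in allowed_principals cannot request one at all. Since an instance target group on an NLB preserves the client IP, a direct test against the load balancer's public DNS name from the Internet would also need the tester's source address allowed in the security group; the PrivateLink path does not, as it arrives from the NLB's addresses inside the SP VPC.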